I have a very simple example that refuses to be flagged by either clang, clang-tidy, clazy, or Krazy2.

    QVector<int> myVec;
    myVec.push_back(1);
    myVec.push_back(2);
    int third = myVec.at(3);
    int otherThird = myVec[3];

Obviously this segfaults because there was never a third element. The issue is that no single IDE or plugin will flag this. It'll ASSERT in a Qt Creator debug build run, but that's after it compiles. There has to be some intellisense-like thing in the editor or some static analysis tool that can read Qt containers. "Just add the Qt source to your code model", you might say; well, compiling every single part of Qt takes many days, so that's not an option.

Another example is

    QCheckBox *myCheckBox = new QCheckBox();
    QListView *myListView = qobject_cast<QListView *>(myCheckBox); // will equal null
    QSize size = myListView->gridSize(); // myListView is null, so crashes with segfault again

This leads to deep bugs that aren't flagged by any static analysis tool.
Your 1st case is difficult to make a generic check for, as there are hundreds of little variations. Your 2nd case could be done, and we could make the following guideline: "If you use qobject_cast you should verify the pointer isn't null before dereferencing it. And if you're sure it's not null then you should have used static_cast in the first place."
Can there at least be some form of bounds checking? I'm not sure what other common standard-library-like container issues are common, but maybe some of the most generic common ones?
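The two bugs from the first post, rewritten so the failure is a value the caller must handle rather than a crash: a bounds-checked read (the bounds checking asked about above) and the null-guarded cast from the reply's guideline. This is an added example, not code from the thread; it uses std::vector and dynamic_cast as stand-ins for QVector and qobject_cast so it builds without Qt, and the Widget/CheckBox/ListView types are constructed here.

```cpp
#include <cassert>
#include <optional>
#include <vector>

// Stand-in for QVector<int> (constructed so the example builds without Qt).
// QVector::at() and operator[] are unchecked in release builds, which is the
// segfault the post describes; this wrapper returns nothing instead.
using IntVec = std::vector<int>;

// Takes a signed index because Qt container indices are int; a negative
// index is rejected the same way as one past size().
template <typename Container>
std::optional<typename Container::value_type>
checked_at(const Container& c, long long index) {
    if (index < 0 || static_cast<unsigned long long>(index) >= c.size()) {
        return std::nullopt;
    }
    return c[static_cast<typename Container::size_type>(index)];
}

// Stand-ins for QObject/QCheckBox/QListView. dynamic_cast models
// qobject_cast: both yield nullptr when the dynamic type does not match.
struct Widget { virtual ~Widget() = default; };
struct CheckBox : Widget {};
struct ListView : Widget { int gridSize() const { return 16; } };

// The reply's guideline: a cast that can fail is followed by a null check
// before any dereference. Returning std::optional makes skipping it a
// compile error rather than a runtime crash.
template <typename To, typename From>
std::optional<To*> checked_cast(From* from) {
    To* to = dynamic_cast<To*>(from);
    if (to == nullptr) return std::nullopt;
    return to;
}

// The QListView case from the post: grid size if the cast succeeded, -1 if not.
int grid_size_or_minus_one(Widget* w) {
    if (auto lv = checked_cast<ListView>(w)) return (*lv)->gridSize();
    return -1;
}

int main() {
    IntVec myVec{1, 2};
    assert(!checked_at(myVec, 3).has_value()); // no element at index 3
    CheckBox myCheckBox;
    assert(grid_size_or_minus_one(&myCheckBox) == -1); // cast yields null
    return 0;
}
```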